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AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

LISTING OF CLAIMS: 

Claim 1 (currently amended) A process for restricting unauthorized operations by a 
computer user, comprising: 

using a security executable to create a list of authorized operations for said computer 

user; 

attaching a hook function to all new processes; 

employing the hook function whenever a new application is started to send a message to 
the security executable, said message including a process id and path of the new application[[.]]; 

receiving said message from the hook function at the security executable and correlating 
to said list to determine whether the new application is authorized or not; 

answering the message by the security executable when the new application is authorized 
to indicate so; 

stopping the new application when the new application is not authorized. 



Claim 2 (currently amended) A software system for restricting unauthorized operations 
by a computer user, comprising: 
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a first program module , which is a hook procedure, for automatically attaching to all new 
processes and for querying an ID of each said new process; 

a second program module in communication with said first program module, said second 
program module using a security executable to build building a list of allowed applications, 
ittiicving retrieve the ID of each new process from said first program module, and terminating 
terminate each process not identified on said list of allowed applications. 

Claim 3 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 2, wherein said first program module is executable in user 
mode. 

Claim 4 (currently amended) The software system for restricting unauthorized 
operations by a computer user according to claim 2, wherein said first program module is 
attached to new processes by t^ing into the USER32 using the system dynamic link library . 

Claim 5 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 4, wherein said first program module is a Windows hook 
procedure. 

Claim 6 (original) The software system for restricting unauthorized operations by a 
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computer user according to claim 5, wherein said first program module communicates with said 
second program module by sending a message with the process ID and path of the process being 
examined. 

Claim 7 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 6, wherein said second program module communicates with 
said first program module when said process is authorized by answering said message with an 
indication that said process is authorized. 

Claim 8 (original) The software system for restricting unauthorized operations by a 
computer user according to claim 6, wherein said second program module automatically 
terminates said process when not authorized. 

Claim 9 (currently amended) A process for restricting unauthorized operations by 
computer users in a network environment, comprising the steps of: 

maintaining using a security executable to create and maintain a list of authorized 
processes and IDs for each computer user; 

attaching a hook function to all new processes; 

monitoring all new processes that are started with the hook function and determining an 
ID thereof; 
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receiving said ID from the hook function bv the security executable: 
detennining whether the ID of each started process is on said list; 
allowing said process to continue when its ID is on the list; 
terminating said process when its ID is not on the list. 
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